Which of the following BEST maximizes the protection of these systems from malicious software?

An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
A. Configure a firewall with deep packet inspection that restricts traffic to the systems
B. Configure a separate zone for the systems and restrict access to known ports
C. Configure the systems to ensure only necessary applications are able to run
D. Configure the host firewall to ensure only the necessary applications have listening ports


3 thoughts on “Which of the following BEST maximizes the protection of these systems from malicious software?”

  1. My exam has been postponed for 8 weeks now due to COVID-19, so I’ve had time to take a new look at these questions.
    (C) Whitelisting – any application not on the list wouldn’t be able to run – so no malware or attack programs could run. The question doesn’t say if the SCADA systems are on the network or air-gapped. A firewall would only be necessary if the systems were not air-gapped. But whitelisting would be effective either way.

  2. Defending against SCADA attacks –
    * Apply network segmentation. Partitioning networks can prevent the spread of malware and efficiently contain attacks. Network segmentation also minimizes the chances of exposure of sensitive information.
    * Use adequate security measures between the ICS network and corporate network. Although safety in both networks is important, using adequate security measures like firewalls between such networks can prevent the lateral movement of attacks from one to another.
    https://www.trendmicro.com/vinfo/za-en/security/news/vulnerabilities-and-exploits/one-flaw-too-many-vulnerabilities-in-scada-systems

  3. If the critical SCADA systems do not always have the latest patches, then they are vulnerable to attack in any zone on any port unless they are either air-gapped or a firewall is there and configured to protect them. A host firewall would be installed on the computers that run the SCADA systems and wouldn’t be as effective as a firewall on the network where the computers that run the SCADA systems reside. In any of the above answers they would remain vulnerable, but perhaps least vulnerable with a network firewall protecting them.
